Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories. This vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Node.js 安全漏洞
Vulnerability Description
Node.js是Node.js开源的一个开源、跨平台的 JavaScript 运行时环境。 Node.js 20.x版本、22.x版本、24.x版本和25.x版本存在安全漏洞,该漏洞源于权限模型文件系统执行中缺少对fs.realpathSync.native的读取权限检查,可能导致绕过文件系统读取限制。
CVSS Information
N/A
Vulnerability Type
N/A